Vulnerability Details : CVE-2012-3495
The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return value of the get_free_pirq function as an array index without checking that the return value indicates an error, which allows guest OS users to cause a denial of service (invalid memory write and host crash) and possibly gain privileges via unspecified vectors.
Vulnerability category: Input validation, Denial of service
Products affected by CVE-2012-3495
- cpe:2.3:a:citrix:xenserver:*:*:*:*:*:*:*:*
- cpe:2.3:a:citrix:xenserver:5.5:*:*:*:*:*:*:*
- cpe:2.3:a:citrix:xenserver:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:citrix:xenserver:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:citrix:xenserver:5.6:sp2:*:*:*:*:*:*
- cpe:2.3:a:citrix:xenserver:5.6:fp1:*:*:*:*:*:*
- cpe:2.3:a:citrix:xenserver:5.6:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.1.1:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.1.2:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.1.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-3495
- EPSS score: 0.06% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~26% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2012-3495
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.1 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:C | 3.9 | 8.5 | NIST | |
CWE ids for CVE-2012-3495
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-3495
- http://www.openwall.com/lists/oss-security/2012/09/05/6
  oss-security - Xen Security Advisory 13 (CVE-2012-3495) - hypercall physdev_get_free_pirq vulnerability
- http://security.gentoo.org/glsa/glsa-201309-24.xml
  Xen: Multiple vulnerabilities (GLSA 201309-24) — Gentoo security
- http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html
  [security-announce] openSUSE-SU-2012:1572-1: important: XEN: security an
- http://wiki.xen.org/wiki/Security_Announcements#XSA-13_hypercall_physdev_get_free_pirq_vulnerability
  Security Announcements (Historical) - Xen
- http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00003.html
  [security-announce] SUSE-SU-2012:1132-1: important: Security update for
- http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html
  [security-announce] openSUSE-SU-2012:1573-1: important: XEN: security an
- http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00004.html
  [security-announce] SUSE-SU-2012:1133-1: important: Security update for
- http://www.securityfocus.com/bid/55406
  Xen 'physdev_get_free_pirq' CVE-2012-3495 Denial of Service Vulnerability
- http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00017.html
  [security-announce] openSUSE-SU-2012:1172-1: important: Security Update
- http://xenbits.xen.org/hg/xen-4.1-testing.hg/rev/6779ddca8593
  xen-4.1-testing.hg: 6779ddca8593
- https://security.gentoo.org/glsa/201604-03
  Xen: Multiple vulnerabilities (GLSA 201604-03) — Gentoo security
- http://www.securitytracker.com/id?1027480
  Xen physdev_get_free_pirq() Error Checking Bug Lets Local Guest Users Deny Service on the Host - SecurityTracker
- http://lists.xen.org/archives/html/xen-announce/2012-09/msg00001.html
  Xen project Mailing List
- http://support.citrix.com/article/CTX134708
  Citrix XenServer Multiple Security Updates